On 01/05/15 20:09, faraz khan wrote: > Matt, > Thanks again! To be precise webrtc is using boringssl (Google's fork of > openssl). From the commits it seems VERY recent but I'm unable to figure > out the last openssl merge-in. You think this could be the issue? Should > I try both with boringSSL (its kinda hard to compile webrtc with openSSL > now since after the move to boringSSL) Ahhh. BoringSSL. That means a slightly different list of potential causes (they forked OpenSSL 1.0.2, and have continued to make changes since then). I've just checked the latest dev version, and that means possible causes: - digest check failed processing the Finished message - CRL signature failure processing the client Certificate - Overly short RSA key - Bad RSA decrypt/signature processing the CertificateVerify To be honest I am more inclined to believe it is a problem on the client side rather than the WebRTC side. The fact that it goes away after you restart the client suggests to me that the client is getting itself into a strange state. Perhaps some kind of memory corruption (either through client application or openssl bug)? Anyway I'd suggest two things as next steps: - Try and figure out how to get more logging out of WebRTC to find out more specifically what it is complaining about - Upgrade your OpenSSL version to 1.0.1m Matt
